Usage

Then start any containers you want proxied with an env var VIRTUAL_HOST=subdomain.youdomain.com

$ docker run -e VIRTUAL_HOST=foo.bar.com ...

Provided your DNS is setup to forward foo.bar.com to the a host running nginx-proxy, the request will be routed to a container with the VIRTUAL_HOST env var set.

Multiple Ports

If your container exposes multiple ports, nginx-proxy will default to the service running on port 80. If you need to specify a different port, you can set a VIRTUAL_PORT env var to select a different one. If your container only exposes one port and it has a VIRTUAL_HOST env var set, that port will be selected.

Multiple Hosts

If you need to support multipe virtual hosts for a container, you can separate each entry with commas. For example, foo.bar.com,baz.bar.com,bar.com and each host will be setup the same.

Separate Containers

nginx-proxy can also be run as two separate containers using the jwilder/docker-genimage and the official nginx image.

You may want to do this to prevent having the docker socket bound to a publicly exposed container service.

To run nginx proxy as a separate container you'll need to have nginx.tmpl on your host system.

The contents of /path/to/certs should contain the certificates and private keys for any virtualhosts in use. The certificate and keys should be named after the virtual host with a .crt and.key extension. For example, a container with VIRTUAL_HOST=foo.bar.com should have afoo.bar.com.crt and foo.bar.com.key file in the certs directory.

Wildcard Certificates

Wildcard certificates and keys should be name after the domain name with a .crt and .key extension.For example VIRTUAL_HOST=foo.bar.com would use cert name bar.com.crt and bar.com.key.

SNI

If your certificate(s) supports multiple domain names, you can start a container with CERT_NAME=<name>to identify the certificate to be used. For example, a certificate for *.foo.com and *.bar.comcould be named shared.crt and shared.key. A container running with VIRTUAL_HOST=foo.bar.comand CERT_NAME=shared will then use this shared cert.

The behavior for the proxy when port 80 and 443 are exposed is as follows:

If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPSis always preferred when available.

If the container does not have a usable cert, a 503 will be returned.

Note that in the latter case, a browser may get an connection error as no certificate is availableto establish a connection. A self-signed or generic cert named default.crt and default.keywill allow a client browser to make a SSL connection (likely w/ a warning) and subsequently receivea 503.

Basic Authentication Support

In order to be able to securize your virtual host, you have to create a file named as its equivalent VIRTUAL_HOST variable on directory/etc/nginx/htpasswd/$VIRTUAL_HOST